WebApp Sec mailing list archives

UTF-8 encoding


From: <biftarin () hotmail com>
Date: 21 Jul 2004 20:07:09 -0000



Hi,

I'm currently auditing a web application running on Apache 1.3.27, PHP 4.3.7 and MySQL 3.23.58.

I've found a parameter that's vulnerable to SQL injection but I have encountered a problem preventing me from 
exploiting the vulnerability.

The application filters out apostrophes and the URL encoding of them. So I tried using UTF-8 encoding and found that 
this was not filtered out. 

Yet the query doesn't return a row as expected.

To ensure the query was correct I removed the code that filters out apostrophes and tried the query using 'normal' 
apostrophes and it returned a row.

So my question is... if I use normal apostrophes and this query (as seen in the SQL log) returns a row..

SELECT * FROM users WHERE password = 'correct' OR user='exists'

how come the same query doesn't work with the UTF-8 encoding of apostrophes?

I've checked the SQL log and both queries are exactly the same (as shown above) regardless of which way the apostrophes 
are inputted.

If anyone could shed some light on this issue I'd be very grateful :)

